package com.buli.blmall.admin.core.security.access;

import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;

import java.util.function.Supplier;

/**
 * 权限验证
 * @author xiang.gao
 * @date 2025/3/3 18:20
 */
@Slf4j
@Component
public class UserAccessPermission implements AuthorizationManager<RequestAuthorizationContext> {
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication, RequestAuthorizationContext context) {
        String requestUrl = context.getRequest().getRequestURI();
        log.info("权限认证,当前访问路径：{}", requestUrl);
        // 获取当前用户
        /*Authentication auth = authentication.get();
        if (auth == null || !auth.isAuthenticated()) {
            return new AuthorizationDecision(false);
        }

        // 检查用户是否有权限访问该 URL
        boolean hasPermission = auth.getAuthorities().stream().anyMatch(grantedAuthority -> PathMatchUtil.match(grantedAuthority.getAuthority(), requestUrl));*/

        return new AuthorizationDecision(true);
    }
}
